WordPress Passster – Password Protection plugin <= 3.5.5.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Passster – Password Protection plugin versions <= 3.5.5.1. Solution: Update the WordPress Passster – Password Protection plugin to the latest available version (at least 3.5.5.2)...
[SECURITY] Fedora 35 Update: xpra-4.3.2-1.fc35
Xpra is "screen for X": it allows you to run X programs, usually on a remote host, direct their display to your local machine, and then to disconnect from these programs and reconnect from the same or another machine, without losing any state. It gives you remote access to individual applications...
Security Bulletin: IBM Maximo Anywhere applications have no binary obfuscation
Summary: IBM Maximo Anywhere applications have no binary obfuscation of source code, allowing the applications to be de-compiled. Vulnerability Details: CVEID: CVE-2019-4352 DESCRIPTION: IBM Maximo Anywhere applications could allow obfuscation of the application source code. CVSS Base score: 2.4 CVS...
Design/Logic Flaw
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certain settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make...
Bosch Amc2 Access Control Error Vulnerability
Bosch Amc2 is an access modular controller from Bosch, Germany. An access control error vulnerability exists in the Bosch AMC2 that stems from the Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe used to configure certain settings in the AMC2 device. The tools allow password protection...
PT-2022-5708 · Symantec · Symantec Endpoint Protection
Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection Windows versions prior to 14.3 RU6/14.3 RU5 Patch 1 Description: The issue is related to a Security Control Bypass, which can potentially allow a threat actor to circumvent existing security controls. This...
CVE-2021-20170
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password...
Information Disclosure
concrete5/core is vulnerable to information disclosure. Password protected files are exposed to any users using viewinline because it does not limit file types for viewinline to images only...
Nextcloud: bypass forced password protection via circles app
Summary: A user can bypass password enforcement for link and email shares by using a circle Steps To Reproduce: 1. enable forced passwords for link shares and email shares as administrator in the share settings 2. as user create a circle and add an e-mail-address 3. share some file to that circle...
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS (previously concrete5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations...
5 Steps For Securing Your Remote Work Space
Use a VPN: Whether you’re connecting to company resources or a Zoom call, use a virtual private network (VPN). VPNs encrypt all of your online traffic to prevent hackers from capturing data in transit. Be sure to use a well-known VPN – they are widely available in software marketplaces...
CVE-2021-35948
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie...
Session fixation
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie...
Wsh - Web Shell Generator And Command Line Interface
wsh (pronounced "woosh") is a web shell generator and command line interface. This started off as just an HTTP client, since interacting with web shells is a pain: there's a form, and to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...
CVE-2021-37548
CVE-2021-37548 affects JetBrains TeamCity (pre-2021.1). The issue is that passwords could be stored in cleartext in VCS, enabling exposure of credentials. Root cause: plaintext password leakage in VCS handling within TeamCity. Impact: confidentiality impact is high per CVSS metrics; exploiting de...
CVE-2021-22780
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...
CVE-2021-22780
CVE-2021-22780 describes an Insufficiently Protected Credentials issue across Schneider Electric EcoStruxure product lines (EcoStruxure Control Expert/Unity Pro, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70). The vulnerability allows unauthorized access to a password-protected proj...